Search CVE reports
3491 – 3500 of 60314 results
Some fixes available 1 of 2
Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such...
5 affected packages
tomcat6, tomcat7, tomcat8, tomcat10, tomcat9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tomcat6 | Not in release | Not in release | Not in release | — |
| tomcat7 | Not in release | Not in release | Not in release | Not affected |
| tomcat8 | Not in release | Not in release | Not in release | Not affected |
| tomcat10 | Fixed | Not in release | Not in release | — |
| tomcat9 | Not affected | Not affected | Not affected | Not affected |
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads...
7 affected packages
ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby2.3 | Not in release | Not in release | Not in release | — |
| ruby2.5 | Not in release | Not in release | Not in release | Needs evaluation |
| ruby2.7 | Not in release | Not in release | Needs evaluation | — |
| ruby3.0 | Not in release | Needs evaluation | Not in release | — |
| ruby3.2 | Needs evaluation | Not in release | Not in release | — |
| ruby3.3 | Not in release | Not in release | Not in release | — |
| jruby | Needs evaluation | Not in release | Needs evaluation | Needs evaluation |
A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross...
1 affected package
redmine
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| redmine | Not in release | Not in release | Needs evaluation | Needs evaluation |
built-in shell still present in AAVMF secboot image
1 affected package
edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Fixed | Not affected | Not affected | Not affected |
EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are...
1 affected package
libspring-java
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libspring-java | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.
1 affected package
quickjs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| quickjs | Needs evaluation | Not in release | Not in release | — |
quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.
1 affected package
quickjs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| quickjs | Needs evaluation | Not in release | Not in release | — |
Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1...
1 affected package
libreoffice
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libreoffice | Fixed | Fixed | Fixed | — |
Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a...
1 affected package
node-formidable
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| node-formidable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.
1 affected package
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | Fixed | Not affected | Not affected | Not affected |